15
DATA SECURITY It’s your data – are you sure it’s safe? By Shahbaz khan Rol Num 0000 AUST

what is data security full ppt

Embed Size (px)

Citation preview

Page 1: what is data security full ppt

DATA SECURITY

It’s your data – are you sure it’s safe?

By Shahbaz khan

Rol Num

0000

AUST

Page 2: what is data security full ppt

Data is any type of stored digital information

Every company needs places to store institutional knowledge and data.

Frequently that data contains proprietary informationPersonally Identifiable DataEmployee HR DataFinancial Data

The security and confidentiality of this data is of critical importance.

Page 3: what is data security full ppt

AVAILABILITY

Data needs to be available at all necessary times

Data needs to be available to only the appropriate users

Need to be able to track who has access to and who has accessed what data

Page 4: what is data security full ppt

Security is about the protection of assets.

Prevention: measures taken to protect your assets from being damaged.

Detection: measures taken to allow you to detect when an asset has been damaged, how it was damaged and who damaged it.

Reaction: measures that allow you to recover your assets.

Page 5: what is data security full ppt

. A security policy is a comprehensive document that defines a companies’ methods for prevention, detection, reaction, classification, accountability of data security practices and enforcement methods.

It generally follows industry best practices as defined by ISO 17799,27001-02, PCI, ITIL, SAS-70, HIPPA , SOX or a mix of them.

Security Policy

Page 6: what is data security full ppt

The security policy is the key document in effective security practices.

Once it has been defined it must be implemented and modified and include any exceptions that may need to be in place for business continuity.

All users need to be trained on these best practices with continuing education at regular intervals.

Page 7: what is data security full ppt

TOOLS TO SECURE DATA Data needs to be classified in the

security policy according to its sensitivity.

Once this has taken place, the most sensitive data has extra measures in place to safeguard and ensure its integrity and availability.

All access to this sensitive data must be logged.

Secure data is usually isolated from other stored data.

Page 8: what is data security full ppt

. Controlling physical access to the data center or area where the data is stored.

Active or Open Directory is a centralized authentication management system that is available to companies to control and log access to any data on the system.

Encryption of the sensitive data is critical before transmission across public networks

Page 9: what is data security full ppt

The use of firewalls on all publicly facing WAN connections.

Deploying VLANs’ and ACLs’ to isolate sensitive departments from the rest of the network.

Shutting down unused switch ports.

If wireless is deployed, use authentication servers to verify and log the identity of those logging on.

Anti-Virus and malicious software protection on all systems.

Page 10: what is data security full ppt

SECURITY OVERVIEW

. There are four key issues in the security of databases just as with all security systems

AvailabilityAuthenticity IntegrityConfidentiality

Page 11: what is data security full ppt

AVAILABILITY Data needs to be available at all

necessary times

Data needs to be available to only the appropriate users

Need to be able to track who has access to and who has accessed what data

Page 12: what is data security full ppt

AUTHENTICITY . Need to ensure that the data has been

edited by an authorized source Need to confirm that users accessing

the system are who they say they are

Need to verify that all report requests are from authorized users

Need to verify that any outbound data is going to the expected receiver

Page 13: what is data security full ppt

INTEGRITY . Need to verify that any external data

has the correct formatting and other metadata

Need to verify that all input data is accurate and verifiable

Need to ensure that data is following the correct work flow rules for your institution/corporation

Need to be able to report on all data changes and who authored them to ensure compliance with corporate rules and privacy laws.

Page 14: what is data security full ppt

CONFIDENTIALITY . Need to ensure that confidential data

is only available to correct people Need to ensure that entire database is

security from external and internal system breaches

Need to provide for reporting on who has accessed what data and what they have done with it

Mission critical and Legal sensitive data must be highly security at the potential risk of lost business and litigation

Page 15: what is data security full ppt